GFI MailArchiver 6: Effective SMB email archiving solution

written by: Tom Olzak, CISSP•edited by: Bill Bunter•updated: 5/7/2010

Email archiving is moving from the realm of nice-to-have to that of must-have. Changes to e-discovery laws and the ascension of email to perhaps the largest repository of information are pushing SMBs to create and enforce retention and legal hold policies. MailArchiver helps meet these challenges.

slide 1 of 9

The challenges

Email today is not simply a replacement for the venerable paper memo. Rather, it is the way we share documents and other types of information with our co-workers, vendors, and customers. This results in mailbox databases containing a large amount of sensitive business and personal information. So courts are increasingly finding in favor of parties requesting thorough searches of email repositories as part of discovery. Because of this shift in messaging importance, small and medium businesses are faced with several legal, ethical, and administrative challenges, including:

The ability to efficiently search thousands of messages for one or more pieces of information, as specified in a discovery request, possibly extending over several years

The ability to place on hold messages identified as relevant to a discovery request

Enforcement of retention policies

Efficient use of storage

Easy access to archives by end-users and administrators

Maintain acceptable overall performance of production messaging system

This review rates how well GFI MailArchiver helps SMBs meet these challenges. My findings are based on a demo provided by the vendor as well as independent e-discovery research.

slide 2 of 9

Feature Set

Rating

MailArchiver works with Microsoft Exchange and any other IMAP compliant email system. For the purpose of this review, we'll focus on implementation in an Exchange environment.

Using Exchange journaling, MailArchiver extracts, indexes, and stores all messages sent or received using the organization's email system. Messages are archived even if the user deletes them, taking the decision about what to keep or what to throw away out of the hands of individual employees. There is one exception. MailArchiver does not process email marked as spam. Multi-layered, prioritized business policies, defined by you, help manage retention of messages with varying content.

MailArchiver deals with .PST files by providing for their automatic import from end-user devices. This isn't a continuous process. It's intended to build an initial archive that is complete. You still have to decide whether you want your data spread across the enterprise on uncontrolled .PST files, but you won't have to worry about court sanctions because you missed one or more .PST files during discovery.

Backups of the archive stores use volume shadow copy. Regular backups are possible, even during business hours, without serious degradation of email performance.

The typical MailArchiver environment consists of a front end Microsoft IIS server, a middle tier MailArchiver application server, and a back-end database server. Microsoft Active Directory is also necessary for mailbox and licensing management. MailArchiver scales by adding additional servers for load balancing. Virtual servers are supported. Also required are:

.NET framework

IE5.5 or later

You have your choice of databases and database configurations, including:

Firebird database (ships with product) and file system storage. Tracking information is stored in the database with content stored in the resident file system. GFI does not recommend Firebird for organizations with more than 2000 mailboxes. Another limitation is lack of database auditing.

Microsoft SQL Server with file system storage. Tracking information is stored in the database with content stored in the resident file system.

Microsoft SQL Server. All information related to the archives is stored in the database.

Storage concerns when facing email archiving loom large. However, MailArchiver minimizes storage use by archiving only what is necessary to locate messages and create audit trails. For example, a message sent to the entire company is only stored in the archive once, with information about the sender and receivers.

slide 3 of 9

Security and licensing concerns are not enough to pass up a look at this product.GFI MailArchiver Review, email security, email discovery,

slide 4 of 9

Discovery management

Rating

All content is indexed as it's archived. This includes sender and recipient information as well as the message body and attachments.

Administrators have two ways to organize archives. First, they can create multiple archive stores. Each archive store, for example, might contain messages from a specific period (i.e., month, quarter, or year) in order to minimize search effort and time. Second, search folders can be built that cause all messages meeting specific criteria to appear on demand without rebuilding the search attributes each time.

The reason I dropped the discovery capability rating is MailArchiver's inability to lock and manage messages as part of one or more legal holds. This functionality would prevent inadvertent deletion of messages of interest due to retention policies or other administrative tasks. I hope GFI plans to implement this in the future.

slide 5 of 9

Ease of Use

Rating

Users access their archived content via an Outlook add-on. Each archive store appears as a folder. Accessing a message in one of the stores is as easy as click and copy/restore. Bulk restores are just as easy.

Single message and bulk restores are possible from the central admin console as well. Further, the console allows the admin to build and prioritize policies, print reports, and access audit information.

Another nice feature is cross-access configuration. It's often necessary when an employee leaves the company to gain access to his or her email. MailArchiver allows configuration of another user for access to the former employee's archives.

slide 6 of 9

Security

Rating

I like to see two basic security capabilities in a message archiving system. First, the solution must track access, providing alerts or audit trails to prevent or report possible data leakage. MailArchiver accomplishes this with,

Auditing of messages moving in or out of the archive

Logging of all maintnenance tasks

Logging and alerting of bulk restores

Second, I like to see significant granularity in administrative privilege assignments. Although MailArchiver provides separation of admin and general user access, I'd like to see improved capability to pick and choose which admin tasks I want a user to perform. This is probably a bigger problem for large companies with admin tasks divided between teams. However, I dropped the Security rating because of this issue.

slide 7 of 9

Licensing and Price

Rating

Overall, you get a lot for what GFI expects in payment. Pricing tables are available at the GFI Web site. I believe the price vs. value rating is excellent. My issue is with licensing.

A MailArchiver license is necessary for each account in Active Directory, although you can create exclusion lists. This is an easy to manage licensing configuration.

GFI tracks the number of licenses purchased against the number of eligible AD accounts. If the number of accounts exceeds the number of licenses, MailArchiver stops archiving. I have no problem with this approach. I fully support vendor license tracking. My problem is with how archiving is stopped; no advance warning is provided to the administrator that archiving is about to be terminated. Even though users can still access already archived messages, and messages continue to be journaled in Exchange, I believe vendors need to provide a heads-up when their license policing algorithm is about to shut me down.

slide 8 of 9

The final word

Overall, I found MailArchiver to be a great solution for SMBs. It's feature-rich, easily meeting all the challenges I listed in the opening section of this review. Even though it has a couple of issues I'd like to see addressed, I highly recommend this product.

A fully functional evaluation copy is available for download. If you're looking for an email archiving solution for an SMB, I strongly encourage you give MailArchiver a look.